Privacy Policy | GetALife

1. Who We Are

GetALife (package name: app.tinygiants.getalife) is operated by GetALife by Michael Hofmann.

For any privacy-related inquiries, please contact us at:
Email: info@getalife.app

2. What Data We Collect and Why

2.1 Crash Reporting (Firebase Crashlytics)

We collect crash logs, stack traces, and basic device information (device model, OS version, app version) to identify and fix bugs. This data is collected automatically when a crash or non-fatal error occurs.

2.2 Performance Monitoring (Firebase Performance)

We collect app performance metrics such as startup time, network request latency, and screen rendering times to improve the user experience.

2.3 Push Notifications (Firebase Cloud Messaging)

We collect a device push token to send you notifications. You can disable push notifications at any time in your device settings.

2.4 Customer Support (Crisp Chat)

When you contact us via in-app chat, we process your name, email address, and chat messages to provide customer support. This data is only collected when you actively initiate a conversation.

2.5 Subscriptions and Purchases (RevenueCat)

We use RevenueCat to manage subscriptions and in-app purchases. RevenueCat processes anonymous user IDs, purchase history, and subscription status. No payment details (such as credit card numbers) are collected by us; payments are handled by the respective app store (Apple App Store or Google Play).

2.6 Paywall Analytics (Superwall)

We use Superwall to manage and optimize our paywalls. Superwall collects data about paywall impressions, interactions, and conversion events using anonymous identifiers.

2.7 Banking Data (Tink)

If you choose to connect your bank account, we use Tink (a Visa company) as a regulated banking provider to access your account data and transactions. GetALife never stores your bank login credentials. Authentication happens directly and securely between you and Tink. We receive read-only access to account balances and transaction data to provide our budgeting features.

2.8 Data We Do NOT Collect

Analytics tracking: Google Analytics is explicitly disabled.
Advertising: We do not use ad tracking or advertising SDKs.
Location data: We do not collect your location.
Cross-app tracking: We do not track your activity across other apps or websites.

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Legal Basis	Applies To
Contract performance (Art. 6(1)(b) GDPR)	Banking data (Tink), subscription management (RevenueCat) - necessary to provide the core service you signed up for.
Legitimate interest (Art. 6(1)(f) GDPR)	Crash reporting (Crashlytics), performance monitoring (Firebase Performance), paywall optimization (Superwall) - necessary to maintain and improve the app.
Consent (Art. 6(1)(a) GDPR)	Push notifications (FCM), customer support chat (Crisp) - based on your explicit action (enabling notifications or initiating chat).

4. Data Retention

Data	Retention Period
Crash reports (Crashlytics)	90 days
Performance data	90 days
Push notification tokens	Until you uninstall the app or revoke permission
Crisp chat messages	12 months after last interaction
Subscription data (RevenueCat)	Duration of your account plus 30 days
Paywall interaction data (Superwall)	12 months
Banking data (Tink)	Until you disconnect your bank account or delete your account

When you delete your account, we will delete or anonymize all personal data within 30 days, unless we are legally required to retain it.

5. Third-Party Data Processors

We share data with the following third-party processors, each bound by data processing agreements:

Processor	Purpose	Location
Google LLC (Firebase)	Crashlytics, Performance Monitoring, Cloud Messaging	USA / EU
Crisp IM SAS	Customer support chat	EU (France)
RevenueCat Inc.	Subscription and purchase management	USA
Superwall Inc.	Paywall management and analytics	USA
Tink AB (Visa)	Banking data access (PSD2-regulated)	EU (Sweden)

6. International Data Transfers

Some of our processors are based in the United States. For these transfers, we rely on:

EU-U.S. Data Privacy Framework (DPF): Google and other processors certified under the DPF.
EU Standard Contractual Clauses (SCCs): For processors not covered by the DPF, we use the European Commission's standard contractual clauses to ensure an adequate level of data protection.

Your banking data processed through Tink remains within the EU.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

Right of access (Art. 15) - Request a copy of your data.
Right to rectification (Art. 16) - Correct inaccurate data.
Right to erasure (Art. 17) - Request deletion of your data ("right to be forgotten").
Right to restrict processing (Art. 18) - Limit how we use your data.
Right to data portability (Art. 20) - Receive your data in a structured, machine-readable format.
Right to object (Art. 21) - Object to processing based on legitimate interest.
Right to withdraw consent - Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@getalife.app. We will respond within 30 days.

You also have the right to lodge a complaint with your local Data Protection Authority (DPA).

8. Children's Privacy

GetALife is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected data from a child under 16, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by other appropriate means. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

GetALife by Michael Hofmann
Email: info@getalife.app